WordPress, with its ever-growing popularity, is an attractive target for attackers. Many of its
security issues come from third-party plugins and themes. To be listed on WordPress.org, a plugin
or theme requires approval and must adhere to a strict list of guidelines. After this initial
approval, however, future changes go through a less-stringent vetting process. This means your
secure plugin of today could be your attacker's plugin of choice when it is updated in six months.

This case study reviews popular plugins and
themes on WordPress.org to determine the general security posture of third-party
plugins.